-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Sep 2016 16:17:14 +0300
Source: suckless-tools
Binary: suckless-tools
Architecture: source amd64
Version: 40-1+deb8u2
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Ilias Tsitsimpis <i.tsitsimpis@gmail.com>
Changed-By: Ilias Tsitsimpis <i.tsitsimpis@gmail.com>
Description:
 suckless-tools - simple commands for minimalistic window managers
Changes:
 suckless-tools (40-1+deb8u2) stable-proposed-updates; urgency=medium
 .
   * CVE-2016-6866: Fix SEGV in slock when user's account has been disabled.
     The screen locking application slock called crypt(3) and used the return
     value for strcmp(3) without checking to see if the return value of
     crypt(3) was a NULL pointer. If the hash returned by
     (getspnam()->sp_pwdp) was invalid, crypt(3) would return NULL and set
     errno to EINVAL. This would cause slock to segfault which then leaves
     the machine unprotected.
Checksums-Sha1:
 987f414c205d33e0a43a1eb485614843be217f18 4976 suckless-tools_40-1+deb8u2.dsc
 5a7cdd39c2233b4a28ce35ec238f191ced4cd0c4 19448 suckless-tools_40-1+deb8u2.debian.tar.xz
 28cd8f3ed68b9f3897b066097428c37447f8a564 52256 suckless-tools_40-1+deb8u2_amd64.deb
Checksums-Sha256:
 42a0c545e9ae5aea23a3b017830424bbdf6f9d93691df761fb77bfa9564579b1 4976 suckless-tools_40-1+deb8u2.dsc
 ff370905a35d40ddebc5738fd32e308dfa33130786edfce8428a7d15bef1a9ed 19448 suckless-tools_40-1+deb8u2.debian.tar.xz
 0c818aa44f237919ccb01f2c22746ce91a4276348de7f2ea73fd38c66c268f06 52256 suckless-tools_40-1+deb8u2_amd64.deb
Files:
 76af2927397b661b95a7c46d3aec34f1 4976 x11 optional suckless-tools_40-1+deb8u2.dsc
 468740104b3b2fefee92430481bf0642 19448 x11 optional suckless-tools_40-1+deb8u2.debian.tar.xz
 4ba4a3636e285ee992ad8d06155a0b61 52256 x11 optional suckless-tools_40-1+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----